Fix crypto wallet core

package.json

@@ -81,6 +81,11 @@
   "resolutions": {
     "ecashaddrjs": "npm:ecashaddrjs@^2.0.0"
   },
+  "pnpm": {
+    "overrides": {
+      "@types/node": "22.13.1"
+    }
+  },
   "husky": {
     "hooks": {}
   }

packages/bitcore-lib-xec/lib/crypto/ecdsa.js

@@ -17,7 +17,7 @@ const $ = require('../util/preconditions');
  * @param {PulicKey} pubkey
  * @returns {Signature}
  */
-const calci = function (hashbuf, sig, pubkey) {
+const calci = function(hashbuf, sig, pubkey) {
   for (var i = 0; i < 4; i++) {
     var Qprime;
     try {
@@ -40,13 +40,13 @@ const calci = function (hashbuf, sig, pubkey) {
 /**
  * Information about public key recovery:
  * https://bitcointalk.org/index.php?topic=6430.0
- * http://stackoverflow.com/questions/19665491/how-do-i-get-an-ecdsa-public-key-from-just-a-bitcoin-signature-sec1-4-1-6-k
+ * http://stackoverflow.com/questions/19665491/how-do-i-get-an-ecdsa-public-key-from-just-a-bitcoin-signature-sec1-4-1-6-k 
  * @param {Buffer} hashbuf
  * @param {Signature} sig
  * @param {Number} i
  * @returns {PublicKey}
  */
-const getPublicKey = function (hashbuf, sig, i) {
+const getPublicKey = function(hashbuf, sig, i) {
   /* jshint maxstatements: 25 */
   $.checkArgument(i === 0 || i === 1 || i === 2 || i === 3, new Error('i must be equal to 0, 1, 2, or 3'));
 
@@ -97,7 +97,7 @@ const getPublicKey = function (hashbuf, sig, i) {
  * @param {Signature} sig Signature with the recovery factor i.
  * @returns {PublicKey}
  */
-const recoverPublicKey = function (hashbuf, sig) {
+const recoverPublicKey = function(hashbuf, sig) {
   return getPublicKey(hashbuf, sig, sig.i);
 };
 
@@ -106,7 +106,7 @@ const recoverPublicKey = function (hashbuf, sig) {
  * Generate a random k
  * @returns {BN}
  */
-const getRandomK = function () {
+const getRandomK = function() {
   var N = Point.getN();
   var k;
   do {
@@ -124,7 +124,7 @@ const getRandomK = function () {
  * @param {Number} badrs Increment until a valid k is found
  * @returns {BN}
  */
-const getDeterministicK = function (hashbuf, privkey, badrs) {
+const getDeterministicK = function(hashbuf, privkey, badrs) {
   /* jshint maxstatements: 25 */
   // if r or s were invalid when this function was used in signing,
   // we do not want to actually compute r, s here for efficiency, so,
@@ -167,7 +167,7 @@ const getDeterministicK = function (hashbuf, privkey, badrs) {
  * @param {BN} s
  * @returns {BN}
  */
-const toLowS = function (s) {
+const toLowS = function(s) {
   if (s.gt(new BN('7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0', 'hex'))) {
     s = Point.getN().sub(s);
   }
@@ -184,11 +184,11 @@ const toLowS = function (s) {
  * @param {Boolean} opts.randomK Use a random value for k - produces a non-deterministic signature (default: false)
  * @returns {Signature}
  */
-const sign = function (hashbuf, privkey, opts) {
+const sign = function(hashbuf, privkey, opts) {
   const { endian = 'big', randomK = false } = opts || {};
   $.checkState(BufferUtil.isBuffer(hashbuf) && hashbuf.length === 32, 'hashbuf must be a 32 byte buffer');
   $.checkState(privkey && privkey.bn, 'privkey must be a PrivateKey');
-
+  
   var d = privkey.bn;
   hashbuf = Buffer.from(hashbuf);
   if (endian === 'little') {
@@ -212,8 +212,8 @@ const sign = function (hashbuf, privkey, opts) {
   s = toLowS(s);
 
   return new Signature({
-    s,
-    r,
+    s: BN.fromBuffer(s.toBuffer()),
+    r: BN.fromBuffer(r.toBuffer()),
     compressed: privkey.publicKey.compressed
   });
 };
@@ -228,7 +228,7 @@ const sign = function (hashbuf, privkey, opts) {
  * @param {String} opts.endian 'big' or 'little' (default: big)
  * @returns {String|undefined} Returns an error string, or undefined if there is no error
  */
-const verificationError = function (hashbuf, sig, pubkey, opts) {
+const verificationError = function(hashbuf, sig, pubkey, opts) {
   const { endian = 'big' } = opts || {};
 
   if (!BufferUtil.isBuffer(hashbuf) || hashbuf.length !== 32) {
@@ -237,12 +237,8 @@ const verificationError = function (hashbuf, sig, pubkey, opts) {
 
   var r = sig.r;
   var s = sig.s;
-  try {
-    if (!(r.gt(BN.Zero) && r.lt(Point.getN())) || !(s.gt(BN.Zero) && s.lt(Point.getN()))) {
-      return 'r and s not in range';
-    }
-  } catch (error) {
-    return 'Invalid signature';
+  if (!(r.gt(BN.Zero) && r.lt(Point.getN())) || !(s.gt(BN.Zero) && s.lt(Point.getN()))) {
+    return 'r and s not in range';
   }
 
   var e = BN.fromBuffer(hashbuf, { endian });
@@ -273,12 +269,12 @@ const verificationError = function (hashbuf, sig, pubkey, opts) {
  * @param {String} opts.endian 'big' or 'little' (default: big)
  * @returns {Boolean}
  */
-const verify = function (hashbuf, sig, pubkey, opts) {
+const verify = function(hashbuf, sig, pubkey, opts) {
   if (!pubkey) {
     throw new Error('pubkey required for signature verification');
   }
   pubkey = new PublicKey(pubkey);
-
+  
   if (!sig) {
     throw new Error('signature required for verification');
   }
@@ -291,7 +287,7 @@ module.exports = {
   sign,
   verify,
   verificationError,
-
+ 
   // pubkey recovery methods
   calci,
   recoverPublicKey,

packages/bitcore-lib-xec/lib/privatekey.js

@@ -103,7 +103,7 @@ PrivateKey.prototype._classifyArguments = function(data, network) {
     info.network = Networks.get(data);
   } else if (typeof(data) === 'string'){
     if (JSUtil.isHexa(data)) {
-      info.bn = new BN(Buffer.from(data, 'hex'));
+      info.bn = new BN(data, 'hex');
     } else {
       info = PrivateKey._transformWIF(data, network);
     }

packages/bitcore-lib-xec/test/privatekey.js

@@ -25,18 +25,26 @@ describe('PrivateKey', function() {
   var wifNamecoin = '74pxNKNpByQ2kMow4d9kF6Z77BYeKztQNLq3dSyU4ES1K5KLNiz';
 
   it('should create a new random private key', function() {
-    var a = new PrivateKey();
+    const a = new PrivateKey();
     should.exist(a);
     should.exist(a.bn);
-    var b = PrivateKey();
+    const b = PrivateKey();
     should.exist(b);
     should.exist(b.bn);
+    a.bn.toString().should.not.equal(b.bn.toString());
   });
 
   it('should create a privatekey from hexa string', function() {
-    var a = new PrivateKey(hex2);
+    const a = new PrivateKey(hex2);
     should.exist(a);
     should.exist(a.bn);
+    a.toString().should.equal(hex2);
+  });
+
+  it('should create a privatekey from a non-standard hex string', function() {
+    const hex = '9aea0e90d2dae1b52f6e5fcfd9f7a6a984db2cdcff0704c2d732ac862770ed8'; // length 63...no leading 0
+    const a = new PrivateKey(hex);
+    a.toString().should.equal('09aea0e90d2dae1b52f6e5fcfd9f7a6a984db2cdcff0704c2d732ac862770ed8'); // has leading 0
   });
 
   it('should create a new random testnet private key with only one argument', function() {
@@ -416,15 +424,15 @@ describe('PrivateKey', function() {
     it('should convert this known PrivateKey to known PublicKey', function() {
       var privhex = '906977a061af29276e40bf377042ffbde414e496ae2260bbf1fa9d085637bfff';
       var pubhex = '02a1633cafcc01ebfb6d78e39f687a1f0995c62fc95f51ead10a02ee0be551b5dc';
-      var privkey = new PrivateKey(new BN(Buffer.from(privhex, 'hex')));
+      var privkey = new PrivateKey(new BN(privhex, 'hex'));
       var pubkey = privkey.toPublicKey();
       pubkey.toString().should.equal(pubhex);
     });
 
     it('should have a "publicKey" property', function() {
       var privhex = '906977a061af29276e40bf377042ffbde414e496ae2260bbf1fa9d085637bfff';
       var pubhex = '02a1633cafcc01ebfb6d78e39f687a1f0995c62fc95f51ead10a02ee0be551b5dc';
-      var privkey = new PrivateKey(new BN(Buffer.from(privhex, 'hex')));
+      var privkey = new PrivateKey(new BN(privhex, 'hex'));
       privkey.publicKey.toString().should.equal(pubhex);
     });
 

packages/bitcore-lib-xec/test/publickey.js

@@ -49,7 +49,7 @@ describe('PublicKey', function() {
     it('from a private key', function() {
       var privhex = '906977a061af29276e40bf377042ffbde414e496ae2260bbf1fa9d085637bfff';
       var pubhex = '02a1633cafcc01ebfb6d78e39f687a1f0995c62fc95f51ead10a02ee0be551b5dc';
-      var privkey = new PrivateKey(new BN(Buffer.from(privhex, 'hex')));
+      var privkey = new PrivateKey(new BN(privhex, 'hex'));
       var pk = new PublicKey(privkey);
       pk.toString().should.equal(pubhex);
     });

packages/bitcore-lib-xpi/lib/crypto/bn.js

@@ -187,4 +187,34 @@ BN.pad = function(buf, natlen, size) {
   return rbuf;
 };
 
+BN.prototype.getSize = function() {
+  const bin = this.toString(2).replace('-', '');
+  const numBits = bin.length + 1;
+  return numBits / 8;
+};
+
+BN.prototype.checkOperationForOverflow = function (operand, result, maxSize) {
+  if (this.getSize() > maxSize || operand.getSize() > maxSize || result.getSize() > 8) {
+    throw new Error('overflow');
+  }
+};
+
+BN.prototype.safeAdd = function(bigNumToAdd, maxSize) {
+  const sum = this.add(bigNumToAdd);
+  this.checkOperationForOverflow(bigNumToAdd, sum, maxSize);
+  return sum;
+};
+
+BN.prototype.safeSub = function(bigNumToSubtract, maxSize) {
+  const difference = this.sub(bigNumToSubtract);
+  this.checkOperationForOverflow(bigNumToSubtract, difference, maxSize);
+  return difference;
+};
+
+BN.prototype.safeMul = function(bigNumToMultiply, maxSize) {
+  const product = this.mul(bigNumToMultiply);
+  this.checkOperationForOverflow(bigNumToMultiply, product, maxSize);
+  return product;
+};
+
 module.exports = BN;

packages/crypto-wallet-core/tsconfig.json

@@ -1,6 +1,10 @@
 {
   "compilerOptions": {
-    "lib": ["es5", "es6", "es2017"],
+    "lib": [
+      "es5",
+      "es6",
+      "es2017"
+    ],
     "noImplicitAny": false,
     "removeComments": true,
     "declaration": true,
@@ -11,10 +15,19 @@
     "moduleResolution": "node",
     "esModuleInterop": true,
     "target": "es5",
-    "typeRoots": ["./node_modules/@types"],
+    "typeRoots": [
+      "../../node_modules/@types",
+      "./node_modules/@types"
+    ],
+    "types": [
+      "node"
+    ],
     "baseUrl": ".",
     "paths": {
-      "*": ["*", "./src/*"]
+      "*": [
+        "*",
+        "./src/*"
+      ]
     },
     "outDir": "ts_build",
     "sourceMap": true